The proportion of companies within the UK reporting cyber assaults and knowledge breaches has dropped from 50% to 43% within the final yr. A authorities research has attributed this to the “noticed strengthening of cyber hygiene amongst small companies.”

The prevalence of cyber crime total amongst UK companies and charities of all sizes has remained constant year-over-year, based on a latest authorities research. Phishing additionally remained the most typical kind of cyber crime, assault, or breach amongst organisations within the UK. Solely 680,000 of the 8.58 million cyber crimes skilled by companies weren’t categorised as phishing. Nonetheless, ransomware assaults within the UK have doubled from 0.5% of companies experiencing them in 2024 to 1% in 2025.

The outcomes had been revealed within the cyber breaches survey by the Division for Science, Innovation and Expertise and House Workplace. Its findings had been based mostly on responses from 180 companies and 1,081 charities between August and December 2024.

UK’s cyber crime stats by firm dimension

Whereas the prevalence of cyber incidents amongst medium and huge companies has remained comparatively constant at round 67% and 74% respectively, the variety of phishing assaults amongst micro and small companies has declined markedly.

In 2024, 49% of small companies and 40% of micro-businesses reported phishing assaults, however these figures dropped to 42% and 35% in 2025. The research discovered that they’re more and more adopting cyber safety threat assessments, cyber insurance coverage, cyber safety insurance policies, and enterprise continuity plans.

Authorities knowledge additionally confirmed that the bigger the organisation, the extra seemingly they’re to expertise cyber crime, which constitutes a subset of all breaches and assaults. Naturally. attackers are in search of an enormous payday, and they’re much less prone to get one from smaller corporations with restricted belongings or lower-data worth.

SEE: UK Declares ‘World-First’ Cyber Code of Follow

Cyber budgets now pitched to boards with fewer in-house specialists

The federal government survey made an fascinating statement when it got here to who takes duty for cyber safety in UK organisations. Solely 27% have a cyber specialist on their board of administrators, marking a major decline since 2021 when that very same determine was 38%.

Which means that many technical groups should now current to non-specialists on the board to request extra cyber funding. An IT and Digital Companies Supervisor at an unnamed charity stated in an interview as a part of the analysis that their board is “very concerned” and doesn’t give them “full autonomy.”

“We have to have a continuing dialogue about what we’re doing, this is the reason we’re doing it,” they stated. A cyber architect additionally stated that “nothing will get approval” at their medium-sized firm with out first making a pitch to the board, outlining the precise use case and its enterprise affect.